Why Businesses Need to Secure Our Computers (and How to Do it!)

The use of personal computers in industry and commerce has expanded dramatically in the last decade. Large gains in employee productivity are possible as a result of this technology. However, ensuring the security of the processes and the privacy of data that these machines access is a very hard problem. Solutions that ensure security by preventing access by legitimate users are inconsistent with the gains in productivity that are possible. The general problem of computer security is being attacked by government and by academic and industrial research with some notable success.

The aim of this research’s is to review the principles behind these successes, to describe some of the remaining problems and to discuss their application in industry and commerce.

What is Computer Security?

Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym "CIA":
- Confidentiality: Ensuring that information is not accessed by unauthorized persons
- Integrity: Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users
- Authentication: Ensuring that users are the persons they claim to be

Computer security is not restricted to these three broad concepts. Additional ideas that are often considered part of the taxonomy of computer security include:
- Access Control: Ensuring that users access only those resources and services that they are entitled to access and that qualified users are not denied access to services that they legitimately expect to receive
- Non-repudiation: Ensuring that the originators of messages cannot deny that they in fact sent the messages
- Availability: Ensuring that a system is operational and functional at a given moment, usually provided through redundancy; loss of availability is often referred to as "denial-of-service"
- Privacy: Ensuring that individuals maintain the right to control what information is collected about them, how it is used, who has used it, who maintains it, and what purpose it is used for

Simply, we can say, Computer Security is a set of policies, procedures, tools and techniques, to protect computer assets from accidental, intentional, or natural disasters. It covers all components of a company’s hardware, software, networks, physical facilities, data and information and personnel.

Why Should I Care About Computer Security?

Our computers help us stay connected to the modern world. We use them for banking and bill paying, shopping, connecting with our friends and family through email and social networking sites, surfing the internet, and so much more. We rely so heavily on our computers to provide these services that we sometimes overlook their security. Because our computers have such critical roles in our lives and we trust them with so much personal information, it’s important to improve their security so we can continue to rely on them and keep our information safe.

Attackers can infect our computer with malicious software, or malware, in many different ways. They can take advantage of unsafe user practices and flaws in our computer’s programs (flaws including vulnerabilities and unsecured services and features) and use social engineering (in which an attacker convinces someone to perform an action such as opening a malicious email attachment or following a malicious link). Once our computer is infected, intruders can use the malware to access our computer without our knowledge to perform unwanted actions. They can steal our personal information, change computer configurations, because our computer to perform unreliably, and install even more malware they can use to leverage attacks or spread malware to others.

One of the most well-known attacks was the Conficker malware detected in late 2008. This malware grew to become one of the largest malware infections, affecting millions of computers and causing billions of dollars in damage across the world. The Conficker malware had the ability to steal and relay personal information to attackers, disable existing security measures like Windows Automatic Updates and antivirus software, and block internet access to popular security websites. Attackers could use infected computers as part of a botnet, or a collection of compromised computers connected to the internet, to leverage additional attacks against other computers. The Conficker malware took advantage of three separate security flaws on Microsoft Windows computers: the enabled file sharing service, the default AutoRun setting, and a vulnerability in the Windows Server network service.